There are many situations where it is desirable to be able to authenticate the identity of a remote device before allowing communications between the remote device and the host device, so that only authorized users may gain access to or manipulate data stored on the host device or transfer data between the host and portable devices. Often, the authentication of the identity of the user may be of equal or greater importance than protecting communications against electronic eavesdropping.
The increasing use of portable computing appliances means that a user may store and work on data files on a fixed desktop base appliance at his workstation on site, and take a personal computing appliance such as a portable or palm top computer with him for use off-site. Data may be transferred between the desktop appliance and the personal computer appliance either by a close range infrared (I.R.) or other optical link, or a cable when the two are in close proximity, or via a modem link when the user has the personal computing appliance with him off site. Although allowing remote access provides greater flexibility, an unauthorized user may gain access by emulating an authorized user. The use of passwords provides a basic level of security, but this is not adequate for many situations as they may be intercepted or reverse-engineered (especially since they tend to be only a few characters long and changed infrequently).
There are two common forms of encryption methods. In a public key system, a user has a "public" key which he makes available to those who wish to send him encrypted messages, and a unique "private" key which he keeps secret and uses to decrypt messages encrypted using the public key. An important feature of this method is that it can be used where the sender and receiver never meet, but the method does require a trusted third party repository to produce the public/private key pair, securely to transfer the key pair to the user, and to oversee the system. Thus the system would be cumbersome and expensive for widespread general use.
In a secret key system there is just one key involved in encrypting and decrypting a communication, which is held by both the sender and the receiver. This avoids the need for a third party repository, but it still means that elaborate precautions must usually be taken when supplying the secret key to the sender and receiver, for example a trusted intermediary travelling between the two, and again this is cumbersome and impractical for general widespread use.
Accordingly we have identified a need for a security system for a host device and a portable device which provides enhanced security when the two communicate via a non-secure communication network which is suited for widespread use and which does not require elaborate arrangements or trusted intermediaries for distributing or exchanging keys.
U.S. Pat. No. 5,202,922 discloses an encryption scheme for cashless transactions between a "smart" card, which is read by a remote point of sale terminal, and the host computer of the financial institution. The scheme is designed for remote communication only and does not envisage periodic direct communication between the smart card and the host computer. At the beginning of each session, both the smart card and the host computer have the same security key which remains the same for several sessions. For every session, two session keys are generated at separate stages by the host computer and used to encrypt communications and update the financial data on the "smart" card and the host computer in accordance with the financial transaction entered at the point of sale terminal.
We have also identified many other situations where the portable device and the host device are in close proximity from time to time but often communicate remotely via a nonsecure communication network and where the authentication of the identity of a user and/or the security of communications are important. For example, a business or domestic telephone user may have a fixed normal phone and a cellular phone, and the user may wish to encrypt or scramble communications to prevent electronic eavesdropping.